Attack of the Rogues: Fake Windows Action Center

Microsoft debuted Windows Security Center (WSC) with Windows XP SP2 that helps in checking the status of software Firewall, Antivirus software and Windows Automatic Updates. If any of the three is switched off or found outdated, the Windows Security Center sends the user an alert via a pop-up notification balloon.

Windows Security Center was renamed as Windows Action Center in Windows 7 and encompassed monitoring of system maintenance tasks in addition to the security settings.

Rogue security software authors are increasingly impersonating Windows Security Center/Action Center to promote their fraudulent software. They often accompany rogue antivirus/antispyware software that display fake warnings about non-existent threats and require money to register the software in order to remove them.

Genuine and Fake Security Center - Windows XP

What is a Rogue Security Software?

A rogue security software belongs to a family of software products that call themselves as antivirus, antispyware or registry cleaners and often use deceptive or high pressure sales tactics and deliberate false positives to convince users into buying a license/subscription. They are often repackaged and renamed. They do not actually remove malware instead many of them add more malware of their own.

Some observations on Fake Windows Action/Security Center

The Fake Windows Security/Action center is generally found installed along with a fraudulent security software.

If the malware interferes with the download process, use an alternate computer to download the programs and them transfer them to the infected computer using a removable drive.

Scan with Kaspersky Virus Removal Tool, if needed use our earlier article on How to Remove Malware with Free Kaspersky Virus Removal Tool. Alternatively, if you are using Dr.Web CureIt!, it comes in randomly named file to evade identification by malware. Click to open, Since you are supposed to use this on a home PC, Click Cancel and then click Start and OK to start a express scan. Click Yes to cure or move the infected objects. Once the scan is complete Click Yes to restart.

Install Malwarebytes’ Anti-Malware, Open and choose a full-scan. Once the scan is completed, click “Show results“, confirm that all instances of the rogue security software are check-marked and then click “Remove Selected” to delete them. Restart to complete the removal process.